No surprise: In the great digital shift, many consumers have turned to third-party apps to access their financial data. Yet those consumers are less than ideally aware about how the apps actually work — and just what it is that companies are doing with their data.
Ben Isaacson, senior vice president of product strategy at The Clearing House (TCH), said data privacy needs to come to the forefront of public consciousness, involving all stakeholders, including governments and private firms, in order to gird effectively against fraudsters.
Among a slew of examples spotlighting just how pervasive the apps have become, Venmo’s Cash App and Robinhood have tens of millions of users — in fact, more active users than the largest banks.
And the trend is accelerating, Isaacson noted.
The conventional wisdom is that data breaches are “always someone else’s problem.” And for consumers, so long as the app works and they get what they need with speed, well, then it’s all good. At the same time, caution about how data and consumers’ personal information is being collected is spurring heavier scrutiny of Big Tech and providers’ activities.
Where the approach had been market-driven in years past, now the Biden administration has urged the Consumer Financial Protection Bureau (CFPB) to move ahead with efforts to make open banking more secure, an effort started during the previous administration with the CFPB ANPR on consumer access to financial records.
PYMNTS’ own research has shown that 42% of consumers have concerns about sharing details with third parties. But 82% of respondents have a third-party financial app that could be connected to a bank account.
Read also: 42% of US Consumers Worry About Security of Bank Account Credentials Shared with Third Parties
And yet, as Isaacson noted, it’s fairly simple to sow mistrust: “All it takes is one hacker, and data breach to get people really concerned.” The data breach that could serve as a wake-up call may still be lurking in the wings, he said.
In the meantime, much can be gleaned from a better and ideally simple set of guidelines and principles from firms that lay out how data are collected and shared. The 40-page disclosures that are a hallmark of such communications can prove daunting, he said. If 75% of people admit that they do not read the disclosures, then the 25% who say they do so are lying, he quipped, citing a recent TCH study of consumers’ views on data privacy and fintech apps.
The documents, he noted, contain copious amounts of legalese — and “there is no way the average consumer is reading that, or should be expected to read that or understand what’s in that.” But dig into the filings and some troubling findings emerge — that Big Tech liabilities are often capped at a few hundred dollars in the event of a data breach, for instance.
Ideally, he said, enterprises should be able to distill the most critical information into a few lines of type on a mobile device.
Standardizing the communications and data policies can help shore up enterprises’ defenses — and consumers’ expectations about liability — in an age where fraud is on the rise. He noted that banks are regulated entities, policed more actively than other companies. He told PYMNTS that bank apps, with highly regulated security protocols, have thus far proven to be relatively more secure than third-party apps (or even the data aggregators that collect and store data), giving fraudsters a way around banks’ security processes.
Looking ahead, he said, these and other nonregulated parties should be regulated and held to the same standards as financial institutions. They should have the same cybersecurity requirements and data protection requirements. Education can also help boost security. Isaacson remarked that according to TCH’s study, most consumers do not know what data aggregators are, much less what they do.
“From a consumer transparency perspective and from a consumer protection perspective, that really needs to change,” he said.